I needed to locate the LDAP distinguished name of an individual user account in a remote domain via PowerShell. Assuming your script is running on a box that is part of a domain that has a trust to the remote domain we can do this by running a query against Active Directory with LDAP.
By using the DirectorySearcher class we can build complex LDAP queries to find objects in Active Directory. With this information you can do all kinds of fun scripting things.
Here is a sample script:
#Specify the search criteria
$samname = "jasonv"
$domain = "dev.lcl"
#Get a list of domains in the forest and grab the DN of the one matching the above parameter.
$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$domain = $forest.Domains | ? {$_.Name -eq $domain}
$domainDN = $domain.GetDirectoryEntry().distinguishedName
Write-Output "Found the remote domain, the full LDAP distinguished name is $DomainDN"
#Create an LDAP searcher object and pass in the DN of the domain we wish to query
$Searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]"LDAP://$domainDN")
#Pass in the ceriteria we are searching for.
#In this case we're looking for users with a particular SAM name.
$Searcher.filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName= $samname))"
$results = $Searcher.Findall()
#Loop through the results
Foreach($result in $results){
$User = $result.GetDirectoryEntry()
$userDN = $user.DistinguishedName
Write-Output "Found a user matching with the distingused name of $userDN"
}
I recently put together a powershell script that can be used to update a profile property of all of the users stored in the SharePoint SSP. At NewsGator we use a boolean property field to indicate if a particular part of our product has been activated or not. There are some cases where this boolean flag needs to be reset for all users. To do this I put together a simple powershell script to reset this value for all users.
This could easily be adapted for other users so I thought I would post share it.
###########################
# "Configure Settings"
$SSPName = "SSPAdmin"
$MySiteUrl = "http://mysite/"
$propName = "newsgator-x-onboarded"
$propValue = "true"
###########################
#Load the SharePoint assemblies
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server")
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server.UserProfiles")
$ServerContext = [Microsoft.Office.Server.ServerContext]::GetContext($SSPName);
$UPManager = new-object Microsoft.Office.Server.UserProfiles.UserProfileManager($ServerContext);
$enumProfiles = $UPManager.GetEnumerator();
"Total User Profiles available:" + $UPManager.Count
$count=0;
#Loop through the SSP entries and update the property
foreach ($oUser in $enumProfiles)
{
$count = $count + 1;
$u = $oUser.Item("Accountname");
Write-Output "($count): Setting '$propName' to '$propValue' for $u";
$oUser[$propName].Value = $propValue;
$oUser.Commit();
}
I recently came across a client who needed to activate a couple of features on their MySites in batches. Given that they have a significant number of MySites already created we needed to find a way to stage the deployment of the new functionality that the features offer. I put together a PowerShell script that iterates through the SSP looking for users who:
- Have a MySite
- Either one of both of the required features are not currently active
For each of the users that match the above criteria both of the features are activated. A counter is incremented and once we reach the desired number of users for the batch the script exits. When we are ready to process another batch the script effectively picks up where it left off since we’re skipping the users who are already activated.
You could then have the execution of this script automatically executed on a regular basis during low utilization hours. Eventually everyone will have the features activated and the new functionality deployed. You could continue to let the script execute to catch any new users (if you decide not to staple the features like we are).
For others looking to do something similar I’m posting the original script in its entirety.
###########################
# "Configure Settings"
$SSPName = "SSPAdmin"
$mysiteurl = "http://mysite"
$ngsite_feature_id = "6a91335c-5ecc-4afc-aa68-14d73afbb1bc"
$webpart_feature_id = "5174F049-99D9-4d68-96E0-93AB2AE1C7BC"
$userCount = 500
$stsadm = "$env:programfiles\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\STSADM.EXE"
###########################
#Load the SharePoint Assemblies
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server")
[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server.UserProfiles")
#Create the SSP objects
$ServerContext = [Microsoft.Office.Server.ServerContext]::GetContext($SSPName);
$UPManager = new-object Microsoft.Office.Server.UserProfiles.UserProfileManager($ServerContext);
$enumProfiles = $UPManager.GetEnumerator();
"Total User Profiles available:" + $UPManager.Count
$count=0;
#Loop through every user who has an entry in the SSP
foreach ($oUser in $enumProfiles)
{
#Get the username for the user
$u = $oUser.Item("Accountname")
#How many have we activated? If more than $userCount above stop processing
if ($count -ge $userCount) {
Write-Output "Okay, we're stopping for now because we've activated for $userCount MySites"
break
} else {
#Does the user have a MySite? If so continue
if ($oUser['PersonalSpace'].Value -ne $null) {
#Create an SPSite (Site Collection) and SPWeb (Web) object for the given users MySite
$siteurl = $mysiteurl + $oUser['PersonalSpace'].Value
$spSite = new-object Microsoft.SharePoint.SPSite($siteurl)
$spWeb = $spSite.OpenWeb()
#Let's check to see if either of the features we want to activate are currently activated.
#If not we should activate them. Remember that the NewsGator Site Feature is "site" scoped thus we use SPWeb
#The web part feature is Site Collection scoped so we have to use SPSite
if (($spWeb.Features[$ngsite_feature_id] -eq $null) -or ($spSite.Features[$webpart_feature_id] -eq $null)) {
#Execute STSADM -o activatefeature to activate the NewsGator Site Feature for this user, if it fails capture that and stop execution of the program.
$sResult = &stsadm -o activatefeature -id $ngsite_feature_id -force -url $siteurl
if(!($sResult -like "*Operation completed successfully*")){
Write-Host -ForegroundColor "red" -BackgroundColor "white" "Activate of site upgrade feature failed for $u on $siteurl : `n $sResult"
break
}
#Execute STSADM -o activatefeature to activate the Webpart deployment feature, if it fails capture that and stop execution
$sResult = &stsadm -o activatefeature -id $webpart_feature_id -force -url $siteurl
if(!($sResult -like "*Operation completed successfully*")){
Write-Host -ForegroundColor "red" -BackgroundColor "white" "Activate of mysite web parts feature failed for $u on $siteurl : `n $sResult"
break
}
#increment the count and output a status
$count = $count + 1;
Write-Output "($count): Features activated on $siteurl for $u succesfully";
} else {
Write-Output "Skipping $siteurl for $u as they are already active."
}
} else {
Write-Output "Skipping $siteurl for $u as they do not have a MySite."
}
#Clean up our objects to prevent a memory leak
$spWeb.Dispose();
$spSite.Dispose();
$siteurl = $null;
}
}